package com.zys.sac.core.handler;

import com.zys.sac.core.constant.RequestStatus;
import com.zys.sac.core.util.ServletResponseUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

/**
 * 补充异常处理类，当使用spring security注解来控制权限时，如果当前用户没有权限，会抛出{@link AccessDeniedException}异常，
 * 此时该异常会被全局异常处理器捕获并抛出，而导致{@link org.springframework.security.web.access.AccessDeniedHandler}失效，
 * 因此这里用一个自定义的全局异常处理器来捕获（其他异常spring security的handler能够自己处理）
 *
 * Created by zhongjunkai on 2022/9/28.
 */
@RestControllerAdvice
public class SupplementExceptionHandler {

    @ExceptionHandler(AccessDeniedException.class)
    public Object handleBusinessException(AccessDeniedException ex) {
        return ServletResponseUtils.result(RequestStatus.UNAUTHORIZATION.getCode(), RequestStatus.UNAUTHORIZATION.getMsg());
    }

}
